What do you all think about this idea? https://medium.com/@ninjudd/passwords-are-obsolete-9ed56d483eb https://blog.webmaker.org/one-less-password
OK, so you all think this idea sucks? In short, this system will make it possible to log in to sites with a one-time password. So if you want to log in, the site will send a password to your mail-account or smartphone. This way you will never have to make separate passwords for multiple sites.
The idea is sound and we have had variations of it in place for some time now (i.e. "forgot my password" functionality and mobile verification for unknown devices during log in, which the articles above mention). Obviously this would limit the damages caused by website breaches since websites would, in theory, no longer store passwords. I wonder if a similar concept could be applied to credit/debit cards so that, instead of having to enter a PIN or having a CCV code that is static and can be stolen, there was a temporary PIN or CCV issued at the time of transaction and the only thing present on the card was just the card number and expiration date? I think some credit cards allow you to do something like this already, correct? Where you can use virtual credit card numbers to make purchases online instead of divulging your actual card details? Something like this, but taking it a step further so that if someone steals your card it's worthless and if someone breaks into an eCommerce site or hacks payment terminals, all they would get are card numbers which would be useless by themselves under a scheme like this.
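An added sketch, not taken from any post or linked article, of the server side of the one-time login code described above: the site keeps only a keyed hash of a short-lived, single-use code, so nothing reusable sits in its database. The class name, 8-digit code length, 5-minute lifetime and attempt limit are all assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed lifetime of a code, in seconds
MAX_ATTEMPTS = 5    # assumed guess limit per issued code


class OneTimeLogin:
    """Hypothetical in-memory issuer/verifier for emailed or texted login codes."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)  # server-side secret, never stored with the codes
        self._pending = {}                   # address -> [mac, expires_at, attempts_left]
        self._clock = clock

    def _mac(self, address, code):
        # Keyed hash: a leaked pending table alone cannot be brute-forced offline.
        return hmac.new(self._key, f"{address}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, address):
        code = f"{secrets.randbelow(10**8):08d}"  # CSPRNG, not random.randint
        # Issuing again overwrites (invalidates) any earlier code for this address.
        self._pending[address] = [self._mac(address, code),
                                  self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code  # hand to the mail/SMS sender; do not log or persist it

    def verify(self, address, code):
        entry = self._pending.get(address)
        if entry is None:
            return False
        mac, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[address]       # expired or guessed too often
            return False
        entry[2] -= 1                        # count this attempt before comparing
        if hmac.compare_digest(mac, self._mac(address, code)):
            del self._pending[address]       # single use: a replayed code fails
            return True
        return False


if __name__ == "__main__":
    svc = OneTimeLogin()
    sent = svc.issue("user@example.test")    # constructed sample address
    print(svc.verify("user@example.test", sent), svc.verify("user@example.test", sent))
```

The code is still only as strong as the mailbox or phone it is delivered to, which is the trade-off the replies below argue about.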
@ Maji To be honest, I do not have any problems with the current "old skool" password system. This new approach is interesting but it also has certain drawbacks. What if for whatever reason you do not have access to your mail-account or smartphone? You're out of luck then. About credit cards: over here in Holland we do not use them that often; we use PIN cards, and you can only pay with them if you know the 4-digit PIN code (not needed when paying wirelessly up to 50 euro). And when buying stuff online, you get redirected to the website of your bank, and you will need your PIN card and hardware token to complete the transaction.
Cynical ole me has a huge problem with phone or email verification. Mainly the privacy disaster that giving your mobile identity to pretty much anyone represents - less so with email, but also because I think smartphones are insecure and very liable to be stolen or run out of battery - hence denial of service. I'm pretty sceptical of biometrics too until practical experience proves otherwise, particularly false negatives locking you out.
This means if someone gets into your phone or mail they have your password for multiple sites in one hit.
The only problem with current passwords is that people do not use them, or do not know how to use them properly. They just create simple hackable passwords.
This also looks kinda cool: http://www.getnymi.com/blog/want-to...-pilot-with-the-nymi-band-mastercard-and-rbc/
BTW, are people already using this, perhaps in the USA? Rabobank is implementing this in Holland, not sure what to think of it. According to them, it offers more protection against, for example, banking trojans that try to evade 2-factor authentication. https://www.vasco.com/products/client_products/esignature_digipass/digipass_760.aspx http://www.cronto.com/crontosign-transaction-authentication-device.htm
Another idea to kill passwords: https://www.plymouth.ac.uk/news/ima...ltiple-device-password-systems-study-suggests